VulnerableCode Package Details - pkg:apk/alpine/asterisk@16.6.2-r0?arch=ppc64le&distroversion=v3.15&reponame=main

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/asterisk@16.6.2-r0?arch=ppc64le&distroversion=v3.15&reponame=main

purl	pkg:apk/alpine/asterisk@16.6.2-r0?arch=ppc64le&distroversion=v3.15&reponame=main

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-32hs-eqw2-1kf2	An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.	CVE-2019-18790
VCID-5yue-52xt-ryhw	An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.	CVE-2019-18610

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:53:49.792354+00:00	Alpine Linux Importer	Fixing	VCID-5yue-52xt-ryhw	https://secdb.alpinelinux.org/v3.15/main.json	38.1.0
2026-04-01T19:08:51.269880+00:00	Alpine Linux Importer	Fixing	VCID-32hs-eqw2-1kf2	https://secdb.alpinelinux.org/v3.15/main.json	38.0.0